7.4 Identification of Suspicious Transactions

Effective from 13/7/2023

(AML-CFT Decision 16)

FIs are obliged to put in place indicators that can be used to identify suspicious transactions, and to update those indicators on an ongoing basis in accordance with the instructions of the Supervisory Authorities or the FIU, as well as in keeping with relevant developments concerning ML/FT typologies. FIs should also consider the results of the NRA, any Topical Risk Assessment and their own ML/FT business risk assessments in this regard.

As part of their overall AML/CFT framework, and commensurate with the nature and size of their businesses, FIs should determine the internal policies, procedures and controls they apply in connection with the identification, implementation, and updating of indicators, as well as with the identification and evaluation of potentially suspicious transactions. Some factors that should be considered include, but are not limited to:

Organisational roles and responsibilities with respect to the implementation and review/updating of the relevant indicators, especially in relation to obligatory indicators required by the Supervisory Authorities or the FIU;
 
Operational and IT systems procedures and controls in connection with the application of relevant indicators to processes such as transaction handling and monitoring, customer due diligence measures and review, and alert escalation;
 
Staff training in relation to the identification and reporting of suspicious transactions (including attempted transactions), the appropriate use and assessment of the relevant indicators, and the degree and extent of internal investigation that is appropriate prior to the reporting of a suspicious transaction.
 

FIs should ensure that they have an adequate process and dedicated, experienced staff for the investigation of and dealing with alerts. The investigation of alerts and the conclusion of the investigation should be documented, including the decision to close the alert or to promptly report the transaction as suspicious.

Prompt reporting to the FIU is one of the key elements of the AML/CFT process. This means that FIs must report the transaction to the FIU immediately once the suspicious nature of the transaction becomes clear. This will be the case when, from an objective point of view, taking the available information into account, there is a reason to believe that a transaction is suspicious. This means that FIs expeditiously investigate alerts and possible indications of ML/FT and immediately report the transaction upon determining that the transaction should be reported to the FIU. FIs therefore need to be able to show that from the moment of the alert immediate and continuous action has been taken.

In this respect, FIs must have a procedure in place that defines the reporting process, and what steps to take in such cases. When investigating alerts it is important to examine the customer’s earlier and related transactions, and to reconsider the customer’s risk profile.

When identifying suspicious transactions, FIs, and their management and employees, should be aware of the facts that, in relation to ML/FT crimes, there is no minimum threshold or monetary value for reporting, and that no amount or transaction size should be considered too small for suspicion. This is of particular significance where the crimes of the financing of terrorism and of illegal organisations are concerned, since typologies related to them may often involve very small amounts of money.

Furthermore, with the exception of obligatory indicators for which reporting is required by the relevant Supervisory Authorities or the FIU, FIs should note that the presence of an indicator means that a transaction needs to be immediately investigated in order to determine whether the transaction needs to be reported. When determining whether a transaction is suspicious or whether there is reasonable ground for a suspicion, FIs should give consideration to the nature of the specific circumstances, including the products or services involved, and the details of the customer in the context of its risk profile. In some cases, patterns of activity or behaviour that might be considered as suspicious in relation to a specific customer or a particular product type, might not be suspicious in regard to another. For this reason, clear internal policies and procedures with regard to alert escalation and investigation, and internal suspicious transaction reporting are critical to an effective ML/FT risk-mitigation programme. This includes an adequate training program that will allow staff to detect possible unusual or suspicious transactions.

While it is impossible to list all the indicators of suspicion in these Guidelines, some useful links to sources of AML/CFT suspicious transaction indicators are provided in Appendix 11.2, Useful Links. A few examples of potentially suspicious transaction types that FIs should take into consideration include:

Transactions or series of transactions that appear to be unnecessarily complex, that make it difficult to identify the Beneficial Owner, or that do not appear to have an economic or commercial rationale;
 
Numbers, sizes, or types of transactions that appear to be inconsistent with the customer’s expected activity and/or previous activity;
 
Transactions that appear to be exceptionally large in relation to a customer’s declared income or turnover;
 
Large unexplained cash deposits and/or withdrawals, especially when they are inconsistent with the nature of the customer’s business;
 
Loan repayments that appear to be inconsistent with a customer’s declared income or turnover;
 
Early repayment of a loan followed by an application for another loan;
 
Third-party loan agreements, especially when there are amendments to or assignments of the loan agreement;
 
Requests for third-party payments, including those involving transactions related to loans, investments, or insurance policies;
 
Transactions involving high-risk countries, including those involving “own funds” transfers, particularly in circumstances in which there are no clear reasons for the specific transaction routing;
 
Frequent or unexplained changes in ownership or management of Business Relationships;
 
Illogical changes in business activities, especially where high-risk activities are involved;
 
Situations in which CDD measures cannot be performed, such as when the customers or Beneficial Owners refuse to provide CDD documentation, or provide documentation that is false, misleading, fraudulent or forged.
 
 When reporting an STR in the GoAML system, the user is required to select the most appropriate reason for reporting available from the menu selection provided. More than one reason may also be provided, if deemed necessary. In order to select the appropriate indicator, click ‘Add’ to select the appropriate reason for the report.
 
 Select the reason(s) applicable and then press ‘Close’. Alternatively, the user may search for reasons using the search bar available on the top left when expanding the form. It is imperative that a minimum of one reason for reporting must be selected to avoid rejection of the report by the GoAML system.